Location-aware configuration

ABSTRACT

A networking device may operate according to a first configuration profile adapted to cause the device to conform to restrictions applicable within a plurality of different locations. The networking device may obtain a second, location-aware configuration profile, which may include restrictions applicable to the location where the device is deployed. The second, location-aware configuration profile may be provided by a location-aware configuration service responsive to a request from the device. The service may determine a location of the device from the request. The service may identify restrictions applicable within the region the device is located.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of, and claims priority to, U.S.patent application Ser. No. 12/694,022, entitled “Location-AwareConfiguration,” filed Jan. 26, 2010 for Thomas Linden et al., whichclaims priority to U.S. Provisional Application No. 61/147,542,entitled, “ADAPTIVE CONFIGURATION SYSTEM TO CONFORM WIRELESS NETWORKINGEQUIPMENT TO REGIONAL GOVERNMENTAL REGULATIONS,” filed on Jan. 27, 2009for Thomas Linden et al., each of which is hereby incorporated byreference in its entirety.

TECHNICAL FIELD

This disclosure relates to device configuration and, more particularly,to a location-aware configuration service.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a system for providing a location-awareconfiguration profile;

FIG. 2 is a flow diagram of a method for providing a location-awareconfiguration profile; and

FIG. 3 is a flow diagram of a method for configuring a device to use alocation-aware configuration profile.

DETAILED DESCRIPTION

A location-aware configuration service may determine the location of anetworking device. The location of the networking device may be used todetermine a location-aware configuration profile, which may be adaptedto cause the networking device to conform to applicable devicerestrictions. For example, a location-aware configuration profile may beconfigured to cause the networking device to conform to one or morerestrictions imposed by an authority within the region, by athird-party, or the like. The restrictions may determine which featuresmay be provided by the networking device, may restrict the manner inwhich the features are to be provided by the device, and so on. Alocation-aware configuration profile may also provide localizationand/or internationalization configuration data (globalizationconfiguration), such as display language, translation information, inputconfiguration, National Language Support (NLS), writing direction,spelling variations, and so on.

As used herein, restrictions on a networking device may include, but arenot limited to: restrictions on which frequency bands a wireless devicemay use, restrictions on which channels are available to a device,restrictions on the operational modes that may be used by the device,restrictions on the maximum power output level of the device, notices onwhether the device must accept outside interference, restrictions on thesecurity features provided by the device (e.g., encryption algorithms,key length, digital signature types, and so on), user privacyrestrictions (e.g., directives on reporting and/or logging), and so on.

A networking device may be deployed within the jurisdiction of one ormore authorities, each of which may impose one or more restrictions ondevices operating therein. For example, a device deployed within theUnited States may fall under the jurisdiction of the FederalCommunications Commission (FCC), which may have authority to imposerestrictions on devices operating within the borders of the UnitedStates. A device deployed in another jurisdiction (e.g., within theEuropean Union (EU)) may fall under the jurisdiction of a differentauthority and, as such, may be required to conform to a different set ofrestrictions (e.g., the Body of European Regulators for ElectronicCommunications (BEREC) may impose a different set of restrictions thanthe FCC). Accordingly, the location-aware configuration profile of adevice deployed within the United States may differ from thelocation-aware configuration profile of a device deployed within the EUor other country. In some cases, a region may fall under the overlappingjurisdiction of more than one authority. A location-aware configurationof a device deployed in such a region may be configured to comply withthe restrictions imposed by all of the overlapping authorities, a subsetof the authorities, or one selected authority.

A networking device may be subject to additional restrictions imposed byan inter-regional authority (e.g., an authority controlling the exportof devices from a particular region, an international authority, or thelike). For example, devices exported from the United States may besubject to restrictions imposed by the State Department, Department ofCommerce, the International Trade Commission, or the like. Therestrictions imposed by the export authority may depend upon the regionin which the device is deployed. A location-aware configuration profilemay be configured to include restrictions imposed by one or moreinter-regional authorities in accordance with the location of thedevice.

Other location-dependent device settings may be determined in alocation-aware configuration profile. For example, privacy restrictionsmay differ from region to region. The privacy restrictions may determinewhich types (if any) of user monitoring, logging, and so on, can beimplemented by the networking device. Similarly, the privacy settingsmay determine whether user opt-in is required for logging, informationgathering (e.g., marketing information), and so on. In addition, and asdiscussed above, a location-aware configuration profile may includeglobalization parameters to configure the device to use appropriatelanguage settings, input layout, and the like.

In some embodiments, a networking device may be configured to operateaccording to a first configuration profile. The first configurationprofile may be adapted to conform to the restrictions of a large numberof jurisdictions (conform to the restrictions applicable to a pluralityof different locations or countries). As such, the first configurationmay provide a reduced set of features and/or functionality (e.g.,reduced transmission power, frequency bands, encryption algorithms,etc.). For example, the first configuration profile may be adapted toconform to the restrictions imposed within each jurisdiction in whichthe device is likely to be used. Alternatively, or in addition, thefirst configuration may be configured to conform to all knownrestrictions applicable within all known regions. Where jurisdictionsimpose conflicting restrictions (e.g., a first jurisdiction requires theuse of a particular set of wireless frequencies, whereas a secondjurisdiction requires the use of a different set of frequencies), thefirst configuration may be adapted to disable the feature(s) giving riseto the conflict. Alternatively, the first configuration may be adaptedto conform to the restriction corresponding to the location where thedevice is most likely to be located, conform to the restriction havingthe higher penalty for a violation, or the like. In some embodiments,the first configuration may include one or more restrictions imposed byan export authority, may define default globalization parameters (e.g.,language, character layout, etc.), and so on.

The networking device may operate according to the first configurationprofile until a location-aware configuration profile for the device isobtained (or the first configuration is overridden in another way). Insome embodiments, the networking device may be configured to contact alocation-aware configuration service using a communications network,such as a Public Switched Telephone Network (PSTN), TCP/IP network(e.g., the internet), a Local Area Network (LAN), Wide Area Network(WAN), combination or networks, or the like. The location-awareconfiguration service may determine a location of the networking deviceand, using the device location, return a second, location-awareconfiguration profile to the networking device. The second configurationmay be location aware and, as such, may be adapted to cause the deviceto conform to one or more regional restrictions, use appropriateglobalization and privacy settings, and so on. Alternatively, if thenetworking device cannot communicate with a location-aware configurationservice, a request for an appropriate configuration profile may besubmitted in another way (e.g., out-of-band, using a different computingdevice, via mail, or the like). An out-of-band request may include adevice identifier, specify the location of the device, and the like.Responsive to the request, an appropriate configuration may be provided.In some embodiments, the configuration may be provided only afterverifying the information in the request (e.g., verifying that thenetworking device is actually deployed in the claimed location). In someembodiments, the verification may be performed by verifying an addressof a user of the device. For instance, the billing address of the devicebuyer may be compared against the claimed device location. Similarly, ifthe device buyer subscribes to a service (e.g., a service providingsecurity updates and/or security configuration to the device), thebilling address of the subscriber may be used to verify the devicelocation. Alternatively, or in addition, an out-of-band verification maybe performed (e.g., by calling the device location, mailingcorrespondence to the claimed location, or the like).

The device may be configured to periodically update the secondconfiguration profile (e.g., in response to a change in the restrictionsthat are applicable to the device). The updates may be initiated by thedevice and/or may be “pushed” to the device from a location-awareconfiguration service. In some embodiments, a device may be configuredto retransmit the second configuration profile to other devices. Theretransmission may cause other devices in the vicinity of the device tocomply with applicable restrictions. In some embodiments, the secondconfiguration profile may be updated responsive to a recall, or otherevent. In a recall example, the second configuration profile may disableand/or modify certain device features (e.g., features that cause avenerability, are not functioning properly, or the like). The featuresmay be re-enabled (via an update to the second configuration profile)when appropriate (e.g., when the device is updated to remove aparticular venerability).

FIG. 1 is a block diagram of a system 100 for providing a location-awareconfiguration. The system 100 includes a network 110, which may compriseone or more TCP/IP networks, LANs, WANs, PSTNs, and so on. Alocation-aware configuration service 120 may be communicatively coupledto the network 110 by one or more communications interfaces 121, whichmay comprise wired network interfaces (e.g., Ethernet interfaces),wireless network interfaces, or the like. The location awareconfiguration service 120 may be implemented as and/or in conjunctionwith a computing device and, as such, may include a processor (notshown), memory (not shown), input-output devices (not shown), and thelike.

The location-aware configuration service 120 may comprise and/or becommunicatively coupled to a configuration profile data store 122. Theconfiguration profile data store 122 may comprise computer-readablemedia having stored thereon, a plurality of configuration profilesadapted for a plurality of different devices. The configuration profilesstored within the data store 122 may be configured to include one ormore restrictions (e.g., wireless frequency restrictions, powerrestrictions, and so on). Therefore, the configuration profileinformation in the data store 122 may be adapted to cause a device toconform to various regional restrictions. For example, the configurationprofile data store 122 may include a transmission power configurationsetting, which may be adapted to cause a device to conform to aparticular transmission power restriction. As discussed above, therestrictions that are applicable to a particular device may depend uponthe location the device is deployed and/or the source of the device (thelocation where the device was manufactured and/or designed).

In some embodiments, the configuration profile data store 122 mayinclude configuration parameters configured to cause devices of variousdifferent types (e.g., different versions, hardware revisions,calibrations, and the like) to conform to various types of restrictions.Alternatively, or in addition, the configuration profile data store 122may include configuration profile information adapted to cause a deviceto implement settings configured to conform to the restrictions. Asdiscussed above, a restriction may define the maximum transmission powerof a wireless networking device. The configuration profile data store122 may include transmission power settings configured to cause a deviceto conform to the maximum power restriction (e.g., includepre-calibrated setting adapted to comply with the restriction).Alternatively, or in addition, the configuration profile data store 122may include transmission power directives to cause the device to selectappropriate transmission power settings according to the hardwareversion and/or calibration settings of the individual device.

The location-aware configuration service 120 may further include amarketing data store 124, which may be used to maintain a record of thedevices that have used the location-aware configuration service 120. Insome embodiments, when a device accesses the location-awareconfiguration service 120, a record of the device (along with the devicelocation) may be stored in the marketing data store 124. The record mayinclude a device identifier (e.g., serial number, version number, devicename, or the like) and location. The information may be used by a devicemanufacturer and/or marketer to determine where devices sold thereby arebeing used, to trace and/or audit a reseller channel, or the like. Themarketing data store 124 may only be used to store information about adevice under certain conditions (e.g., if permitted by applicableprivacy restrictions and/or if permission of an owner or user of thedevice 140 is obtained).

The location-aware configuration service 120 may comprise and/or becommunicatively coupled to a locator service 130, which may be capableof determining the physical location of devices within the network 110.The locator service 130 may be provided by a third party; for example,the location service 130 may be implemented independently of thelocation-aware configuration service 120, which may interact with thelocation service 130 using an application programming interface (API)provided thereby. Alternatively, the locator service 130 may beimplemented as a component and/or module of the location awareconfiguration service 120.

The locator service 130 may be configured to determine the location of adevice (e.g., device 140) based upon messages sent therefrom. In someembodiments, communications may be sent to the location-awareconfiguration service 120 on the network 110 using a communicationsprotocol, such as Internet Protocol (IP). The communications protocolmay include addressing information (e.g., IP addressing information),which may be used to determine the physical location of the sendingdevice. The addressing information may include the IP address of thesending device, traceroute information, or the like. Alternatively, orin addition, components within the network 110, such as an InternetService Provider (ISP) 112, routers (not shown), Domain Name Servers(DNS) (not shown), WHOIS services (not shown), or the like, may provideinformation about the sending device (e.g. in a traceroute request). Insome embodiments, the locator service 130 may determine the physicaladdress by performing a Domain Name Server (DNS) lookup on portions ofthe address (the source address, portions of the message traceroute, orthe like), using country codes embedded in the DNS address, based uponan ISP associated with the address (e.g., using a DNS extension, such asthe extensions described in RFC 1876, 1712, or the like), reverse DNStranslation, using a address database (e.g., WHOIS, nslookup, etc.), orthe like. Although a particular set of techniques for determining thephysical location of a device based upon messages sent thereby arediscussed herein, the disclosure is not limited in this regard and couldbe adapted to employ any location-determining technique and/or serviceknown in the art.

The location-aware configuration service 120 may include and/or becommunicatively coupled to a regional restrictions service 132, whichmay provide device restrictions based upon device location. Therestrictions provided by the regional restrictions service 132 mayinclude restrictions imposed by an authority having jurisdiction in theregion where the device is located. For example, if a particular deviceis located in the United States, the regional restrictions service 132may provide restrictions imposed by the FCC; if the device is deployedin the EU, the regional restrictions service 132 may providerestrictions imposed by an EU authority (e.g., the BEREC); and so on.The regional restrictions service 132 may maintain and/or track changesto the restrictions pertaining to different regions. As such, theregional restrictions service 132 may be capable of providing up-to-dateregional restriction information. In some embodiments, the regionalrestrictions may also include privacy restrictions indicating what, ifany, information about the device (e.g., usage, location, enabledfeatures, and the like) and/or marketing data may be stored by thelocation-aware configuration service 120 (with or without user opt-in).The regional restrictions service 132 may be implemented as a componentand/or module of the location-aware configuration service 120.Alternatively, the regional restrictions service 132 may be provided bya third party.

The location-aware configuration service 120 may include and/or becommunicatively coupled to inter-regional restrictions service 134,which may provide device restrictions imposed by authorities havingjurisdiction over the manufacturer and/or provider of the device. Theinter-regional restrictions service 134 may provide restrictions imposedby third-party, inter-regional authorities including, but not limitedto: export authorities, international authorities, state departments(e.g., U.S. State Department), treaty organizations, and the like. Theinter-regional restrictions service 134 may be configured to maintainand/or track changes to the restrictions imposed by various authorities.As such, the inter-regional restrictions service 134 may be capable ofproviding up to date restriction information. In some embodiments, therestrictions provided by the inter-regional restrictions service 134 mayinclude privacy restrictions indicating what, if any, information aboutthe device (e.g., usage, location, enabled features, and the like)and/or marketing information (with or without user opt-in) may be storedby the location-aware configuration service 120. The inter-regionalrestrictions service 134 may be implemented as a component and/or moduleof the location-aware configuration service 120. Alternatively, theinter-regional restrictions service 134 may be provided by a thirdparty.

The location-aware configuration service 120 may include and/or becommunicatively coupled to a globalization data store 136, which mayprovide globalization parameters based upon the location of a device. Asdiscussed above, device globalization parameters may include devicelanguage settings, input/output settings, input layout settings, and thelike. The globalization service 136 may be provided by a third-partyand/or may be implemented as a component and/or module of thelocation-aware configuration service 120.

The location-aware configuration service 120 may use the configurationprofile data store 122 along with the restriction and/or globalizationinformation provided by services 130, 132, 134, and/or 136 to generate alocation-aware configuration profile for a device. For example, thelocation-aware configuration service 120 may determine the location of adevice using the locator service 130, determine applicable devicerestrictions, privacy settings, and/or globalization parameters usingthe service(s) 132, 134, and/or 136, and generate a correspondinglocation-aware configuration profile comprising the restrictions,privacy settings, globalization parameters using the configurationprofile data store 122. The location-aware configuration profile may beprovided to the device, which may implement the profile.

A networking device 140 may be communicatively coupled to a network 110.The networking device 140 may be configured to operate according to afirst configuration profile, which, as discussed above, may be adaptedto cause the device 140 to conform to the restrictions imposed within aplurality of different jurisdictions and/or regions. The device may beconfigured to operate according to the first configuration profile untila location-aware configuration profile is obtained. As discussed above,the first configuration profile may be configured to cause the device140 to comply with all (or as many as possible) restrictions imposedthroughout the world and/or within regions the device 140 is likely tobe deployed. As such, the first configuration profile may cause thedevice 140 to provide less functionality than the device 140 is capableof providing (e.g., transmit information at lower transmission powerlevels, use a restricted set of transmission modes, use lesssophisticated encryption techniques, and so on).

In some embodiments, the device 140 may be configured to automaticallytransmit a request 142 for a location-aware configuration profile to thelocation-aware configuration service 120 via the network 110 (using anISP 112 of the device). Accordingly, the device 140 may bepre-configured with the address (e.g., (Internet Protocol) IP address,Uniform Resource Identifier (URI), or the like) and/or distinguishedname (DN) of the location-aware configuration service 120. Thepre-configured address may be secured within the device 140 to preventmodification thereof. In some embodiments, the address may be hard-codedin an EEPROM or other read-only storage location of the device 140, thedevice 140 may maintain a hash code or signature of the address, or thelike. Similarly, the network path and/or communications channel betweenthe device 140 and the location-aware configuration service 120 may besecured (e.g., using a secure DNS protocol, Secure Sockets Layer (SSL),Secure Hypertext Transfer Protocol (HTTPS), or the like). The device 140may be preconfigured with a public key certificate (or other credential)of the location-aware location service 120. The credential may be hardcoded and/or secured on the device 140 as described above. The device140 may validate that it is communicating with a valid location-awareconfiguration service 120 using the credential (e.g., may verify asignature on communications purportedly originating from thelocation-aware configuration service 120). In some embodiments, thevalidation may comprise a challenge-response protocol in which thedevice 140 and/or location-aware configuration service 120 transmitrespective challenges (comprising random, “nonce” data) to one another,sign or otherwise authenticate the respective challenges, and, using therespective signatures, authenticate the identity of one another.

Alternatively, or in addition, the address may be provided by a user 144via a configuration interface provided by the device 140, throughanother computing device 146, using a management system (e.g., SimpleNetwork Management Protocol (SNMP)), or the like. Similarly, the request142 may be transmitted responsive to a user command (e.g., as part of adevice registration process or the like).

The location-aware configuration service 120 may receive the request 142and determine a location of the device 130 using the locator service130. Based upon the location of the device 140, the location-awareconfiguration service 120 may identify one or more restrictionsapplicable thereto (e.g., using the regional restrictions service 132and/or inter-regional restrictions service 134). The location-awareconfiguration service 120 may also determine one or more globalizationparameters using the globalization service 136. Privacy settings mayalso be determined using the services 132, 134, and/or 136.

Using the restriction, globalization, and/or privacy information, thelocation-aware configuration service 120 may determine a location-awareconfiguration profile for the device 140. The location-awareconfiguration profile may be determined by combining configurationprofile information in the configuration profile data store 122 with theidentified restrictions, privacy restrictions, and/or globalizationparameters. In addition, the location-aware configuration service 120may store a record of the request 142 in the marketing data store 124(in accordance with the privacy restrictions discussed above). Therecord may include a device identifier (e.g., serial number, name, etc.)in association with a location of the device 140, device features,device configuration parameters, and the like.

The location-aware configuration profile determined by thelocation-aware configuration service 120 may be transmitted to thedevice 140 via a response message 126 via the network 110.Alternatively, the location-aware configuration profile may betransmitted to a user (e.g., user 144) for manual configuration of thedevice 140.

When the device 140 receives the location-aware configuration profile,the device 140 may stop operating according to its initial configurationprofile (e.g., first configuration profile) and begin using thelocation-aware configuration profile. Before implementing thelocation-aware configuration profile, the device 140 may be configuredto verify the authenticity and/or integrity of the configurationprofile. This may prevent tampering with the location-awareconfiguration profile and/or prevent the device 140 from implementing aconfiguration profile that was not transmitted from and/or produced bythe location-aware configuration service. In some embodiments, themessage 126 comprising the location-aware configuration profile may bedigitally signed (e.g., using an X.509 certificate) or encrypted. Thedevice 140 may verify the signature using a public key of thelocation-aware configuration service 120 to verify the authenticity andintegrity of the configuration profile. Alternatively, or in addition,the message 126 may be transmitted to the device 140 using a securecommunications protocol, such as HTTPS, secure FTP, or the like. Thecommunications protocol may be used by the device 140 to verify thesource of the message 126 and/or to verify the integrity thereof.

In some embodiments, the device 140 may be configured to periodicallycontact the location-aware configuration service 120 for updates to thelocation-aware configuration profile. Updates may be provided responsiveto changes to the restrictions applicable to the device 140, recallinformation, or the like. Alternatively, or in addition, thelocation-aware configuration service 120 may be configured to activelytransmit updates to the location-aware configuration profile to thedevice 140 (if allowed by a user of the device 140). The updates mayallow the device 140 to conform to changes to applicable regionalrestrictions, recalls, or the like. In some embodiments, the device 140may be required to periodically update its location-aware configurationprofile. For example, the device 140 may be required to contact thelocation-aware configuration service 120 at a particulate interval(e.g., once a day). If the device 140 fails to contact the service 120,the device 140 may be configured to stop operating and/or to operate ina reduced-functionality mode (e.g., use the first configurationprofile).

The location-aware configuration service 120 may store a compliancerecord whenever a device (e.g., device 140) is configured to conform toregional restrictions. The record may be stored in the marketing datastore 124 or another storage location (not shown). The compliance recordmay provide an indication of how many devices in a particular regionhave been configured to conform with the applicable restrictions. Thecompliance information may not include device- and/orcustomer-identifying information (unless permitted by privacy settingsand/or a user of the device 140). The compliance information may beprovided to one or more authorities to show compliance by themanufacturer of the device 140.

FIG. 2 is a flow diagram of one embodiment of a method 200 for providinga location-aware configuration service. The method 200 may beimplemented by a computing device comprising a processor and memoryusing one or more computer-readable and/or computer-executableinstructions. The instructions comprising the method 200 may be embodiedas one or more distinct software modules, which may be stored on acomputer-readable storage medium, such as a hard disc, optical storagemedia, or the like. In some embodiments, one or more steps of the method200 may be tied to particular machine components, such ascomputer-readable storage media, communications interfaces, processingmodules, or the like.

At step 210, the method 200 may start and be initialized, which maycomprise the method 200 loading one or more computer-readableinstructions from a computer-readable storage media, initializingcommunications interfaces and other resources, and the like.

At step 220, the method 200 may receive a request for a location-awareconfiguration from a device. The request may be received via acommunications network, such as the Internet, via email, or the like andmay include a device identifier (e.g., serial number, version, etc.),privacy restrictions, and the like.

At step 230, the method 200 may determine a location of the device basedupon the message (e.g., based upon IP addressing information associatedwith the message, traceroute, etc.).

At step 240, a restriction based upon the location of the device may beidentified. The identified restriction may be imposed by an authorityhaving jurisdiction where the device is located and/or by a third party(e.g., an export authority, international authority, or the like). Insome embodiments, step 240 may further include identifying one or moreglobalization parameters of the device (e.g., language, input layout,etc.) and/or identifying a privacy setting of the device.

At step 250, a location-aware configuration for the device may bedetermined. The location-aware configuration profile may include therestriction(s), globalization parameter(s), and/or privacy settingsidentified at step 240.

At step 260, the location-aware configuration may be transmitted to thedevice. In some embodiments, step 260 may comprise authenticating thelocation-aware configuration data by, for example, digitally signing theconfiguration, encrypting the configuration, or the like. Step 260 mayfurther comprise storing a record of the request in a computer-readablestorage medium. The record may include device-identifying information,such as device serial number, name, or the like, in association with alocation of the device and other information (e.g., device usageinformation, device features, and so on). In some embodiments, therecord may be stored only if permitted by the privacy settings accessedat step 240 and/or if permitted by a user of the device. A compliancerecord may also be stored. The compliance record may not include device-and/or customer-identifying information. As discussed above, compliancerecords may be used to show how many devices provided by a particularmanufacturer and/or reseller have been configured to conform to therestrictions applicable within particular regions.

As discussed above, in some embodiments, steps 250 and/or 260 mayfurther comprise verifying the location of the device. The verificationmay include comparing the location of the network device determined atstep 230 to billing information associated with the device (e.g., abilling address of the device buyer, a billing address associated with adevice subscription, and so on). Alternatively, or in addition, theverification may comprise a search of public records, ISP information,or the like. In some embodiments, if the device location cannot beverified, the location-aware configuration may be adapted to conform toboth the claimed location and another likely location of the device(e.g., a identified during validation). At step 270, the method 200 mayend until another request for a location-aware configuration profile isreceived.

FIG. 3 is a flow diagram of a method 300 for operating a device using alocation-aware configuration profile. The method 300 may be implementedon a computing device comprising a processor and memory using one ormore computer-readable and/or computer-executable instructions. Theinstructions comprising the method 300 may be embodied as one or moredistinct software modules, which may be stored on a computer-readablestorage medium, such as a hard disc, optical storage media, or the like.In some embodiments, one or more steps of the method 300 may be tied toparticular machine components, such as computer-readable storage media,communications interfaces, processing modules, or the like.

At step 310, the method 300 may start and be initialized, which maycomprise loading one or more computer-readable instructions from acomputer-readable storage media, initializing resources for the method300 (e.g., memory, communications interfaces, and the like), and so on.

At step 320, the device may be configured to operate according to afirst configuration profile. As discussed above, the first configurationprofile may be adapted to cause the device to operate in a reducedfunctionality mode that complies with all (or substantially all) thedevice restrictions applicable to devices within various regionsthroughout the world and/or within the locations where the device islikely to be sold and/or operated.

At step 330, the device may transmit a request for a location-awareconfiguration profile to a location-aware configuration service. Theaddress of the location-aware configuration service may be included inthe first configuration profile, hard coded into the device, and/or maybe manually set by an operator. The request may be transmittedautomatically (e.g., when the device is powered on and connected to acommunications network) and/or responsive to a configuration command(e.g., from a user, an SNMP command, or the like). In some embodiments,the request may include a device identifier (e.g., serial number, name,etc.) and/or may include device privacy preferences provided by anoperator or user.

At step 340, and responsive to the request, a message comprising alocation-aware configuration profile may be received.

At step 350, the location-aware configuration profile received at step340 may be implemented by the device. In some embodiments, step 350 maycomprise authenticating the location-aware configuration profile and/orverifying the integrity thereof (e.g., verifying that the location-awareconfiguration profile has not been altered by an entity other than thelocation-aware configuration service). The authentication and/orverification of step 350 may comprise verifying a digital signature onthe location-aware configuration profile or the like (e.g., decryptingthe profile, etc.).

Implementing the location-aware configuration profile at step 350 maycomprise applying one or more device settings specified therein. Thesettings may be configured to cause the device to conform to one or morerestrictions (e.g., transmission power restriction, channel restriction,encryption algorithm restriction, or the like). Alternatively, or inaddition, applying the location-aware configuration profile may comprisethe device implementing settings to conform to one or more directives inthe location-aware configuration profile (e.g., select settings to causethe device to conform to transmission power settings, or the like).

In some embodiments, step 350 may comprise retransmitting the applicablerestrictions to other devices (e.g., using wired and/or wirelesscommunications interface(s) of the device). The retransmission may causeother devices to conform to the restrictions applicable in thejurisdiction in which the device is deployed. In some embodiments, therestrictions may be adapted for use by other devices. For example, atransmission power restriction expressed as a device-specific setting inthe location-aware configuration profile may be modified to include theactual transmission power restriction (e.g., expressed in terms ofwatts, decibels, or the like) and/or to provide the restrictioninformation as settings for another type of networking device.

At step 360, the method 300 may end until an update to thelocation-aware configuration profile is requested.

The above description provides numerous specific details for a thoroughunderstanding of the embodiments described herein. However, those ofskill in the art will recognize that one or more of the specific detailsmay be omitted, or other methods, components, or materials may be used.In some cases, operations are not shown or described in detail.

Furthermore, the described features, operations, or characteristics maybe combined in any suitable manner in one or more embodiments. It willalso be readily understood that the order of the steps or actions of themethods described in connection with the embodiments disclosed may bechanged as would be apparent to those skilled in the art. Thus, anyorder in the drawings or Detailed Description is for illustrativepurposes only and is not meant to imply a required order, unlessspecified to require an order.

Embodiments may include various steps, which may be embodied inmachine-executable instructions to be executed by a general-purpose orspecial-purpose computer (or other electronic device). Alternatively,the steps may be performed by hardware components that include specificlogic for performing the steps, or by a combination of hardware,software, and/or firmware.

Embodiments may also be provided as a computer program product includinga computer-readable medium having stored instructions thereon that maybe used to program a computer (or other electronic device) to performprocesses described herein. The computer-readable medium may include,but is not limited to: hard drives, floppy diskettes, optical disks,CD-ROMs, DVD-ROMs, ROMs, RAMs, EPROMs, EEPROMs, magnetic or opticalcards, solid-state memory devices, or other types ofmedia/machine-readable medium suitable for storing electronicinstructions.

As used herein, a software module or component may include any type ofcomputer instruction or computer executable code located within a memorydevice and/or computer-readable storage medium. A software module may,for instance, comprise one or more physical or logical blocks ofcomputer instructions, which may be organized as a routine, program,object, component, data structure, etc., that perform one or more tasksor implements particular abstract data types.

In certain embodiments, a particular software module may comprisedisparate instructions stored in different locations of a memory device,which together implement the described functionality of the module.Indeed, a module may comprise a single instruction or many instructions,and may be distributed over several different code segments, amongdifferent programs, and across several memory devices. Some embodimentsmay be practiced in a distributed computing environment where tasks areperformed by a remote processing device linked through a communicationsnetwork. In a distributed computing environment, software modules may belocated in local and/or remote memory storage devices. In addition, databeing tied or rendered together in a database record may be resident inthe same memory device, or across several memory devices, and may belinked together in fields of a record in a database across a network.

It will be understood by those having skill in the art that many changesmay be made to the details of the above-described embodiments withoutdeparting from the underlying principles of the disclosure.

We claim: 1-46. (canceled)
 47. A method, comprising: configuring anetworking device to provide networking services to a plurality ofclient devices in accordance with a first profile, wherein the firstprofile is configured to cause the networking device to provide thenetworking services to the plurality of client devices in conformancewith restrictions of a plurality of different jurisdictions; receiving asecond, location-specific profile from a configuration service via anetwork, wherein the second, location-specific profile is configured tocause the networking device to provide the networking services to theplurality of client devices in conformance with restrictions of one ofthe plurality of different jurisdictions; and providing networkingservices to the plurality of client devices in accordance with thesecond, location-specific profile.
 48. The method of claim 47, furthercomprising transmitting a request for the second, location-specificprofile to the configuration service via the network, wherein theconfiguration service is configured to determine a deployment locationof the networking device based on the transmitted request.
 49. Themethod of claim 48, further comprising accessing a preconfiguredaddressing information of the configuration service stored on anon-volatile storage medium of the networking device.
 50. The method ofclaim 48, further comprising authenticating the second,location-specific profile by use of a credential stored on anon-volatile storage medium of the networking device.
 51. The method ofclaim 48, wherein the configuration service is configured to identify ajurisdiction corresponding to the deployment location of the networkingdevice.
 52. The method of claim 47, wherein the networking device is awireless networking device, and wherein a restriction of the second,location-aware profile pertains to one or more of a frequency used bythe networking device, a channel used by the networking device, atransmission power of the networking device, and a transmission mode ofthe networking device.
 53. The method of claim 47, wherein a restrictionof the second, location-specific profile pertains to an encryptionalgorithm used by the networking device.
 54. The method of claim 47,wherein a restriction of the second, location-specific profilecorresponds to a restriction imposed by a country in which thenetworking device is deployed.
 55. The method of claim 47, wherein arestriction of the second, location-specific profile pertains to aprivacy restriction pertaining to information gathered by the networkingdevice relating to the plurality of client devices.
 56. The method ofclaim 47, wherein a restriction of the second, location-specific profilepertains to logging user activity on the networking device.
 57. Themethod of claim 47, wherein a restriction of the second,location-specific profile pertains to reporting user activity performedon the networking device.
 58. The method of claim 47, wherein arestriction of the second, location-specific profile pertains tomonitoring user activity on the networking device
 59. A non-transitorycomputer-readable storage medium comprising executable instructionsconfigured to cause a computing device to perform operations,comprising: providing networking services to two or more client devicesin conformance with restrictions of a plurality of differentjurisdictions; receiving a location-specific profile from aconfiguration service through a network, wherein the location-specificprofile is configured to cause a networking device to provide thenetworking services to the client devices in conformance withrestrictions corresponding to a selected one of the plurality ofdifferent jurisdictions; and providing networking services to the clientdevices in accordance with the location-specific profile and inconformance with the restrictions corresponding to the selectedjurisdiction by use of the networking device.
 60. The non-transitorycomputer-readable storage medium of claim 59, the operations furthercomprising transmitting a request for the location-specific profile byuse of the network.
 61. The non-transitory computer-readable storagemedium of claim 60, the operations further comprising accessing anaddress of the configuration service stored in a storage medium.
 62. Thenon-transitory computer-readable storage medium of claim 59, theoperations further comprising authenticating the location-specificprofile by use of a credential stored on a storage medium of thenetworking device.
 63. The non-transitory computer-readable storagemedium of claim 59, wherein the configuration service is configured todetermine a deployment location of the networking device based on thetransmitted request.
 64. The non-transitory computer-readable storagemedium of claim 59, wherein the networking device is a wirelessnetworking device, and wherein a restriction corresponding to theselected jurisdiction relates to one or more of a frequency used by thenetworking device, a channel used by the networking device, atransmission power of the networking device, and a transmission mode ofthe networking device.
 65. The non-transitory computer-readable storagemedium of claim 59, wherein a restriction corresponding to the selectedjurisdiction relates to one or more of an encryption algorithm used bythe networking device and a privacy setting of the networking device.66. The non-transitory computer-readable storage medium of claim 59,wherein a restriction corresponding to the selected jurisdictioncomprises a directive pertaining to logging user activity on thenetworking device.
 67. The non-transitory computer-readable storagemedium of claim 59, wherein a restriction corresponding to the selectedjurisdiction comprises a directive pertaining to reporting user activityon the networking device.
 68. The non-transitory computer-readablestorage medium of claim 59, wherein a restriction corresponding to theselected jurisdiction comprises a directive pertaining to monitoringuser activity on the networking device.
 69. The non-transitorycomputer-readable storage medium of claim 59, wherein a restrictioncorresponding to the selected jurisdiction pertains to informationgathered by the networking device relating to the plurality of clientdevices.
 70. The non-transitory computer-readable storage medium ofclaim 59, wherein a restriction corresponding to the selectedjurisdiction comprises a restriction imposed by one of a country inwhich the networking device is deployed, and an international authority.71. An apparatus, comprising: a networking device comprising aninterface to a network; and a storage medium of the networking deviceconfigured to store a first profile, wherein the networking device isconfigured to provide networking services to one or more client devicesin accordance with the first profile, and wherein the first profile isconfigured to cause the networking device to provide the networkingservices to the client devices in conformance with restrictions of aplurality of different jurisdictions, wherein the networking device isconfigured to receive a second, location-aware profile via the network,wherein the second, location-aware profile is configured to cause thenetworking device to provide the networking services to the clientdevices in conformance with restrictions of a particular jurisdiction,and wherein the networking device is configured to provide networkingservices to the client devices in accordance with the second,location-aware profile and in conformance with the restrictions of theparticular jurisdiction.
 72. The apparatus of claim 71, wherein thenetworking device is configured to transmit a request for the second,location-aware profile to a configuration server by use of the network.73. The apparatus of claim 72, wherein the networking device comprises acomputer-readable storage medium configured to store informationpertaining to the configuration server, and wherein the networkingdevice is configured to transmit the request using the storedinformation.
 74. The apparatus of claim 73, wherein the networkingdevice is configured to authenticate the second, location-aware profileby use of the stored information pertaining to the configuration server.75. The apparatus of claim 71, wherein a restriction of the particularjurisdiction corresponds to one or more of a transmission frequency ofthe networking device, a transmission channel of the networking device,a transmission power of the networking device, and an encryptionalgorithm used by the networking device.
 76. the apparatus of claim 71,wherein the second, location-aware profile comprises a languageparameter for the networking device, and wherein the networking deviceis configured to provide information to a user in accordance with thelanguage parameter.
 77. The apparatus of claim 71, wherein a restrictionof the particular jurisdiction comprises a restriction that relates tologging user activity on the networking device.
 78. The apparatus ofclaim 71, wherein a restriction of the particular jurisdiction comprisesa restriction that relates to reporting user activity on the networkingdevice.
 79. The apparatus of claim 71, wherein a restriction of theparticular jurisdiction comprises a restriction that relates tomonitoring user activity on the networking device.
 80. The apparatus ofclaim 71, wherein the networking device is configured to receive anupdated location-aware profile corresponding to updated restrictions ofthe particular jurisdiction, and wherein the networking device isconfigured to provide networking services to the client devices inconformance with the updated restrictions.
 81. A system, comprising: anetworking device configured to provide networking services to aplurality of users at a deployment location in accordance with a firstset of restrictions, wherein the first set of restrictions correspond torestrictions of two or more different jurisdictions, wherein thenetworking device is configured to receive a location-specificconfiguration from a configuration service in response to a requesttransmitted to the configuration service by the networking device,wherein the location-specific configuration is adapted to cause thenetworking device to provide networking services in accordance with asecond, different set of restrictions corresponding to restrictions of aselected one of the two or more different jurisdictions, and wherein thenetworking device is configured to provide networking services to theplurality of users at the deployment location in accordance with thesecond, different set of restrictions corresponding to the selectedjurisdiction.
 82. The system of claim 81, wherein the networking deviceis configured to authenticate the second, location-specific profile. 83.The system of claim 81, wherein the networking device comprises anon-transitory storage medium comprising stored information pertainingto the configuration service, and wherein the networking device isconfigured to transmit the request by use of the stored information. 84.The system of claim 83, wherein the stored information pertaining to theconfiguration service comprises a network address of the configurationservice.
 85. The system of claim 83, wherein the stored informationpertaining to the configuration service comprises a certificate of theconfiguration service.
 86. The system of claim 83, wherein thenetworking device is configured to authenticate the second,location-specific profile by use of the stored information pertaining tothe configuration service.
 87. The system of claim 81, wherein thenetworking device is configured to receive an updated location-specificprofile from the configuration service, the updated location-specificprofile comprising a third, different set of restrictions correspondingto the selected jurisdiction, and wherein the networking device isconfigured to provide networking services to the plurality of users atthe deployment location in accordance with the third, different set ofrestrictions.
 88. The system of claim 81, wherein the second, differentset of restrictions includes a restriction pertaining to logging useractivity on the networking device.
 89. The system of claim 81, whereinthe second, different set of restrictions includes a restrictionpertaining to reporting user activity on the networking device.
 90. Thesystem of claim 81, wherein the second, different set of restrictionsincludes a restriction pertaining to monitoring user activity on thenetworking device.